SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libpng12-0-1.2.49-1.1.1.x86_64.rpm :
Thu Apr 12 14:00:00 2012 lijewski.stefanAATTzabka.pl
- updated to 1.2.49:

* fixed CVE-2011-3048 [bnc#754745]

Mon Apr 2 14:00:00 2012 lijewski.stefanAATTzabka.pl
- updated to 1.2.48:

* fixed CVE-2011-3045 [bnc#752008]

Wed Feb 29 13:00:00 2012 johann.luceAATTwanadoo.fr
- update to 1.2.47, fixes:

* A heap-based buffer overflow in libpng was fixed that could
potentially be exploited by attackers to execute arbitrary
code or cause an application to crash (CVE-2011-3026).

Thu Aug 18 14:00:00 2011 lijewski.stefanAATTgmail.com
- update to 1.2.46, fixes:

* CVE-2011-2501 [bnc#702578]

* CVE-2011-2690 [bnc#706387]

* CVE-2011-2691 [bnc#706388]

* CVE-2011-2692 [bnc#706389]

Tue Aug 24 14:00:00 2010 pgajdosAATTsuse.cz
- fixed [bnc#617866]

* memory leak CVE-2010-2249

* out of bounds write to memory CVE-2010-1205

Tue Mar 9 13:00:00 2010 pgajdosAATTsuse.cz
- Defending Libpng Applications Against Decompression Bombs
[bnc#580484]
http://libpng.sourceforge.net/decompression_bombs.html

* CVE-2010-0205.patch
- refreshed setjmp.diff using quilt

Thu Aug 13 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.39:

* Added a prototype for png_64bit_product() in png.c

* Avoid a possible NULL dereference in debug build,
in png_set_text_2()

* Relocated new png_64_bit_product() prototype into png.h

* Replaced
*.tar.lzma with
*.txz in distribution.

* Reject attempt to write iCCP chunk with negative embedded
profile length.

Mon Jul 20 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.38:

* Revised libpng
*.txt and libpng.3 to mention calling png_set_IHDR()
multiple times and to specify the sample order in the tRNS chunk,
because the ISO PNG specification has a typo in the tRNS table.

* Changed several PNG_UNKNOWN_CHUNK_SUPPORTED to
PNG_HANDLE_AS_UNKNOWN_SUPPORTED, to make the png_set_keep mechanism
available for ignoring known chunks even when not saving unknown chunks.

* Adopted preference for consistent use of \"#ifdef\" and \"#ifndef\" versus
\"#if defined()\" and \"if !defined()\" where possible.

* Added PNG_NO_HANDLE_AS_UNKNOWN in the PNG_LEGACY_SUPPORTED block of
pngconf.h, and moved the various unknown chunk macro definitions
outside of the PNG_READ|WRITE_ANCILLARY_CHUNK_SUPPORTED blocks.

Thu Jun 4 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.37:

* fixed bug with new png_memset() of the big_row_buffer

Tue May 12 14:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.36 (see CHANGES)

Mon Feb 23 13:00:00 2009 pgajdosAATTsuse.cz
- fixes possible double free [bnc#472745]
(CVE-2009-0040)

Mon Jan 19 13:00:00 2009 pgajdosAATTsuse.cz
- updated to 1.2.34:

* fixes CVE-2008-3964 (removed CVE-2008-3964.patch)

Tue Jan 13 13:00:00 2009 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Mon Sep 15 14:00:00 2008 pgajdosAATTsuse.cz
- fixed CVE-2008-3964 [bnc#424739]

* CVE-2008-3964.patch

Thu Sep 11 14:00:00 2008 pgajdosAATTsuse.cz
- updated to version 1.2.31:

* coding bugfixes and enhancements

Mon Sep 1 14:00:00 2008 ajAATTsuse.de
- Do not package la files.

Mon Jun 23 14:00:00 2008 pgajdosAATTsuse.cz
- updated to 1.2.29:

* fixes to the configure-related build-scripts

* security fix that affects programs that attempt to do
special handling of unknown PNG chunks (presumably very
few such programs), along with a reversion to previous
behavior for handling of images with out-of-range tRNS-chunk
values [bnc#378634]

* fix for unintentional gray-to-RGB conversion in
png_set_expand_gray_1_2_4_to_8()

* various other minor fixes
- removed makefile-am.patch, issue fixed upstream

Sun May 11 14:00:00 2008 cooloAATTsuse.de
- fix rename of xxbit packages

Tue Apr 22 14:00:00 2008 pgajdosAATTsuse.cz
- $(ECHO) substituted by echo in Makefile.in -- fixes package
build in beta (makefile-am.patch)

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Apr 3 14:00:00 2008 pgajdosAATTsuse.cz
- updated to 1.2.26:

* fixed minor coding errors that could lead to crashes in
exceptional cases

Thu Dec 6 13:00:00 2007 mrueckertAATTsuse.de
- added provides/obsoletes for the old package

Fri Nov 30 13:00:00 2007 nadvornikAATTsuse.cz
- updated to 1.2.23:

* more sanity checks, fixes [#332249]
- adjusted to Shared Library Policy:

* renamed package libpng to libpng12-0

* created compatibility package libpng3

Wed Jul 11 14:00:00 2007 nadvornikAATTsuse.cz
- updated to 1.2.18:

* security fixes merged upstream

Thu Mar 29 14:00:00 2007 ajAATTsuse.de
- Add zlib-devel to BuildRequires.

Thu Nov 23 13:00:00 2006 nadvornikAATTsuse.cz
- fixed crash on malformed sPLT chunks CVE-2006-5793 [#219007]

Mon Jul 17 14:00:00 2006 nadvornikAATTsuse.cz
- make sure PNG_NO_ASSEMBLER_CODE is used consistently


  
ICM